tests: start fail2ban before healthcheck in testinfra (supabase#1888)

* tests:s start fail2ban before healthcheck * tests: create expected log in test (which is usually created by vector)

Author: samrose

testinfra/test_ami_nix.py

@@ -351,6 +351,30 @@ def gzip_then_base64_encode(s: str) -> str:
  instance.terminate()
  raise TimeoutError("init.sh failed to complete within the timeout period")
 
+ # Create auth-failures.csv file if it doesn't exist (required for fail2ban to start)
+ # This matches what setup_fail2ban() does in the init script
+ logger.info("Ensuring PostgreSQL auth-failures.csv exists...")
+ result = run_ssh_command(
+ ssh,
+ "sudo mkdir -p /var/log/postgresql && sudo chown -R postgres:postgres /var/log/postgresql && sudo chmod 1775 /var/log/postgresql && sudo -u postgres touch /var/log/postgresql/auth-failures.csv && sudo chmod 0664 /var/log/postgresql/auth-failures.csv",
+ )
+ if not result["succeeded"]:
+ logger.warning(f"Failed to create auth-failures.csv: {result['stderr']}")
+
+ # Start fail2ban service before health checks
+ logger.info("Starting fail2ban service...")
+ result = run_ssh_command(ssh, "sudo systemctl start fail2ban.service")
+ if not result["succeeded"]:
+ logger.warning(f"Failed to start fail2ban: {result['stderr']}")
+ # Check fail2ban logs for more details
+ log_result = run_ssh_command(
+ ssh, "sudo journalctl -u fail2ban -n 20 --no-pager"
+ )
+ if log_result["succeeded"]:
+ logger.warning(f"fail2ban logs:\n{log_result['stdout']}")
+ else:
+ logger.info("fail2ban service started successfully")
+
  def is_healthy(ssh) -> bool:
  health_checks = [
  ("postgres", "sudo -u postgres /usr/bin/pg_isready -U postgres"),